Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/naN_wk-eaom_oZasZnM08I6laXM.roa
File:                     naN_wk-eaom_oZasZnM08I6laXM.roa (raw, json)
Hash identifier:          reArNPeh5sy/5z31/gOHoE8pb//a185oVNqpk+f3DK4=
Subject key identifier:   9D:A3:7F:C2:4F:9E:6A:89:BF:A1:96:AC:66:73:34:F0:8E:A5:69:73
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0191C3EAAE6FD1F81F6CD5DC2EB29830B278
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/naN_wk-eaom_oZasZnM08I6laXM.roa
Signing time:             Thu 05 Sep 2024 20:40:22 +0000
ROA not before:           Thu 05 Sep 2024 20:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210344
IP address blocks:        2a03:5840:160::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c3:ea:ae:6f:d1:f8:1f:6c:d5:dc:2e:b2:98:30:b2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Sep  5 20:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9da37fc24f9e6a89bfa196ac667334f08ea56973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:58:0e:0a:7c:56:f8:b7:5d:20:6e:78:14:e3:
                    0a:91:5f:2f:80:d7:87:d7:cc:a7:33:5c:9a:58:1d:
                    ff:78:3b:45:40:71:db:32:02:b5:99:c4:3c:e0:b2:
                    29:9a:33:16:fa:54:84:0e:69:48:82:ec:dd:59:37:
                    c0:6f:df:28:47:5b:b9:ff:ab:67:b5:6a:a3:72:03:
                    fa:c9:f3:37:9a:9d:8a:c2:7a:e1:88:f5:75:2c:2c:
                    61:57:8b:04:ff:be:61:bb:98:82:47:eb:f9:cc:44:
                    81:fb:fa:34:0a:43:e3:ca:c4:92:04:6e:4a:63:0e:
                    4a:19:f3:2c:84:5b:90:ae:05:72:a7:ca:c5:fe:14:
                    e9:b1:7d:82:a2:2f:72:67:c7:be:c5:29:f9:c1:2c:
                    74:1e:38:1e:fd:87:55:86:05:66:ea:b1:ce:54:28:
                    88:47:b1:50:ee:90:32:dc:d8:fe:f0:8b:24:f4:a4:
                    30:9a:e0:47:2e:63:f0:c8:69:51:50:6c:7e:50:8d:
                    f6:53:90:75:12:1b:94:b9:a6:bc:93:ea:bb:75:d0:
                    23:c6:d5:22:83:88:d3:6e:26:6b:01:0e:57:90:67:
                    d7:ad:d2:dc:9e:ec:e2:37:fd:84:9d:af:4c:d9:07:
                    0a:e2:18:df:7a:df:fa:3f:54:8f:85:2f:27:54:db:
                    8c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A3:7F:C2:4F:9E:6A:89:BF:A1:96:AC:66:73:34:F0:8E:A5:69:73
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/naN_wk-eaom_oZasZnM08I6laXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:160::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:d1:f0:c1:1c:6d:df:ad:8e:8e:dc:79:ca:93:70:88:5b:75:
         72:46:1f:0d:5e:3d:eb:d4:d0:c5:68:33:0c:ef:75:ea:36:3d:
         ee:2e:99:25:37:09:25:81:bf:45:0a:dd:47:cf:52:ec:6e:30:
         76:6b:c8:55:26:54:f1:ee:0e:ba:63:b7:d1:91:2c:85:75:0b:
         8d:d0:a9:bd:91:68:57:ea:32:ba:20:cd:17:ff:ea:3f:27:da:
         95:10:75:a1:4f:a0:12:7d:39:5b:5e:3a:2c:27:90:c8:25:f3:
         5e:f6:9d:fe:6a:dd:9e:ad:a3:5b:19:c4:a3:95:e7:e3:d1:f5:
         83:6a:c1:31:95:b9:24:99:7c:31:06:aa:b6:a2:15:76:ec:93:
         f6:d0:76:aa:67:f1:20:d8:7a:c6:83:dc:9c:c3:cc:f1:c9:7f:
         da:89:c3:22:44:7b:32:84:c0:0a:6c:73:98:d2:dd:c0:81:b0:
         cc:c3:00:db:a4:e8:ea:4c:db:d9:d9:3a:ca:c1:4f:c7:ba:f1:
         97:6d:fc:30:71:7e:ca:a9:70:e6:df:d0:7a:2e:c7:8f:55:93:
         4a:c6:6f:24:2c:c9:52:5f:b1:1d:c5:5b:f2:fc:fd:fd:6b:ec:
         f3:ec:28:34:82:50:9d:aa:c5:85:7f:37:ee:f6:f6:44:58:65:
         1f:38:82:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHD6q5v0fgfbNXcLrKYMLJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwOTA1MjA0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGEzN2ZjMjRmOWU2YTg5YmZhMTk2YWM2NjczMzRmMDhlYTU2OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFgOCnxW+LddIG54FOMKkV8vgNeH
18ynM1yaWB3/eDtFQHHbMgK1mcQ84LIpmjMW+lSEDmlIguzdWTfAb98oR1u5/6tn
tWqjcgP6yfM3mp2KwnrhiPV1LCxhV4sE/75hu5iCR+v5zESB+/o0CkPjysSSBG5K
Yw5KGfMshFuQrgVyp8rF/hTpsX2Coi9yZ8e+xSn5wSx0Hjge/YdVhgVm6rHOVCiI
R7FQ7pAy3Nj+8Isk9KQwmuBHLmPwyGlRUGx+UI32U5B1EhuUuaa8k+q7ddAjxtUi
g4jTbiZrAQ5XkGfXrdLcnuziN/2Ena9M2QcK4hjfet/6P1SPhS8nVNuMWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ2jf8JPnmqJv6GWrGZzNPCOpWlzMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvbmFOX3drLWVhb21fb1phc1puTTA4STZsYVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgNYQAFg
MA0GCSqGSIb3DQEBCwUAA4IBAQBY0fDBHG3frY6O3HnKk3CIW3VyRh8NXj3r1NDF
aDMM73XqNj3uLpklNwklgb9FCt1Hz1LsbjB2a8hVJlTx7g66Y7fRkSyFdQuN0Km9
kWhX6jK6IM0X/+o/J9qVEHWhT6ASfTlbXjosJ5DIJfNe9p3+at2eraNbGcSjlefj
0fWDasExlbkkmXwxBqq2ohV27JP20HaqZ/Eg2HrGg9ycw8zxyX/aicMiRHsyhMAK
bHOY0t3AgbDMwwDbpOjqTNvZ2TrKwU/HuvGXbfwwcX7KqXDm39B6LsePVZNKxm8k
LMlSX7EdxVvy/P39a+zz7Cg0glCdqsWFfzfu9vZEWGUfOIKp
-----END CERTIFICATE-----